METHOD FOR VALIDATING AN ELECTRONIC PAYMENT BY 
A CREDIT/DEBIT CARD 

Technical field 

The present invention relates generally to the methods and 
systems for enhancing the security of the electronic transactions 
using a credit or debit card and relates in particular to a 
method for validating an electronic payment by a credit/debit 
card. 

Background 

The electronic payment is more and more used to perform 
transactions, in particular through the Internet network. In such 
a case, a seller provides an electronic catalog for selling 
articles or even services through Internet. Any buyer connected 
by a terminal to Internet can consult the catalog and purchase 
the proposed articles by sending his order to the seller through 
Internet together with his credit/debit card number (herein after 
referred to as u card number") . 

Generally, the payment is validated by using an electronic 
payment center which is also connected to the Internet network. 
Such a center is connected to the banking companies and 
authorized/certif ied by these banking companies. At the same time 
the buyer orders the articles to the seller, he transmits his PIN 
(Personal Identification Number) code to the electronic payment 
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center together with the identification of the purchased 
articles, the date and the time of the purchase. Upon receiving 
the order, the seller sends the identification of the articles, 
the time and date and the card number to the electronic payment 
5 center which can then validate the payment after checking that 
the PIN code number corresponds to the card number. 

But, in such an electronic payment, it is always the buyer who 
decides and validates the transaction. Now, considering the 
increase of electronic payment through the Internet network, and 
10 considering the need that such a system may be available to 
^ several people depending upon a single credit like to young 

people (children) or old people (grandparents) who are sometimes 

£0 

|U overtaken by the today techniques, it is a problem not having 

f\l such a transaction being validated by the prime owner of the 

!;*15 credit card, or in a general way by a third party. 

j'ij Summary of the invention 

P Accordingly, the main object of the invention is to achieve a 

method for validating by a third party an electronic payment 
using a credit /debit card. 

20 The invention relates therefore to a method for validating an 
electronic payment by a credit/debit card in a transaction system 
comprising a seller terminal for registering a sale of one or 
several articles by a buyer using a card associated with a 
plurality of PIN codes and an electronic payment center connected 

25 to the seller terminal by the Internet network, the method 
consisting for the electronic payment center to check that a 
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buyer PIN code which is provided by the buyer to the center is 
associated with the number of the credit/debit card provided by 
the buyer to the seller terminal. Such a method is characterized 
in that it further comprises the step automatically carried out 
by the electronic payment center of checking with a third party 
whether the buyer PIN code is valid. 

Brief description of the drawings 

The above and other objects, features and advantages of the 
invention will be better understood by reading the following more 
particular description of the invention in conjunction with the 
accompanying drawings wherein : 
■Fig. 1 is a block-diagram of a system wherein a buyer orders 

articles to a seller and performs the payment to an electronic 

payment center through the Internet network. 
■Fig. 2 is a flow chart of the steps performed in the 

electronic payment center in order to achieve the method 

according to the invention. 

Detailed description of the invention 

According to the invention, a buyer terminal 10, a seller 
terminal 12 and an electronic payment center 14 are all connected 
to the Internet network 16 . When the buyer wants to order 
articles after having consulted an electronic catalog, he sends 
the order through the network to the seller terminal 12, For 
this, he sends with an encryption key 1 provided by the seller at 
the initialization of the transaction, the necessary information 
that is the credit/debit card number, the identification of the 
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ordered articles and the time and date of the purchase. At the 
same time, the buyer sends through Internet another message which 
is encrypted by an encryption key 2 to the electronic payment 
center 14, this message containing the identification of the 
purchased articles, and the time and date of the purchase. After 
receiving the purchase order, the seller terminal 12 sends with 
an encryption key 3 the information necessary to achieve the 
electronic payment, that is the identification of the articles 
and the time and date of the purchase, and also a PIN code 
number. Note that encryption key 2 and 3 have been previously 
provided by the electronic payment center to respectively the 
buyer 10 and the seller 12, 

It must be noted that generally the buyer 10 is remote from the 
seller and the transaction between them is made through Internet. 
But it is possible that a buyer 11 be in the seller shop. In such 
a case, the necessary information is directly provided by the 
buyer and the information containing the PIN code is transmitted 
from the terminal seller 12 to the electronic payment center. 

After receiving the PIN code number from the buyer 10, the 
electronic payment center checks whether the PIN code number 
being received is a valid PIN code by checking in profile tables 
18 the entries of which are the card numbers and giving some 
other information for each PIN code such as the authorized 
amount. If so, the electronic payment center 16 launches a 
validation process by contacting a third party 20 through a phone 
network 22. It must be noted that such a phone network is 
preferably a wireless phone network wherein the third party 2 0 is 
the owner of a mobile phone because the third party can be always 
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contacted (assuming his mobile phone is always activated) . Note 
also that the phone network could be replaced by any kind of 
transmission network, and in particular, the Internet network. 

The steps of the method according to the invention, performed in 
the electronic payment center are now described in reference to 
the flow chart of Fig. 2. As already mentioned, the card number 
and the PIN code of the buyer are first received (step 30) by the 
electronic payment center from respectively the buyer and the 
seller. After receiving this information, the computer of the 
electronic payment center performs a profile checking (step 32) 
by consulting a profile table (see Fig. 1) . In fact, there are 
different PIN codes corresponding to the card number which can, 
for example, be derived from the original PIN code by some 
algorithm like a scrambling algorithm. Thus, the prime owner of 
the card may give to other people a copy of the card (for 
example, a man can give one copy to his wife and one copy to each 
of his children) . All these people have different PIN codes and 
so, they will be differently identified during a payment 
transaction. 

Coming back to Fig. 2, the profile tables enable the validating 
party to know whether the PIN code provided by the buyer is valid 
(step 34) . If not, an electronic error message is sent to the 
buyer terminal (step 36) . If the PIN code corresponds to one of 
the valid codes associated with the card, the computer of the 
electronic payment center can check additional information within 
the profile tables, for example, the maximum amount authorized 
for this PIN code and whether the price of the purchased articles 
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is less than the maximum amount (step 38) . If not, an electronic 
error message is sent to the buyer terminal (step 40) . 

When the requested amount is below the authorized maximum, the 
computer of the electronic payment center checks whether it has 
5 received in a previous interval of time (for example one hour) a 
prevalidation from the third party including the delivery of the 
PIN code (step 42) . It must be noted that this prevalidation can 
occur at any time and also canceled at any time by the third 
party calling the computer of the electronic payment center and 
10 through interactive dialog using a phone keyboard. 

3 When such a prevalidation has been received, the computer of the 

l electronic payment center validates the transaction (step 44) 

after having cleared (step 46) the prevalidation information (so, 
y it is no more valid for a potential next transaction) . When there 

15 is no prevalidation, the computer calls the third party (step 48) 

and through artificial voice, asks for the authorized PIN code to 
* determine whether the PIN code provided by the buyer is a correct 

Ti. 

i PIN code (step 50) . If so, the transaction is validated (step 

44) . If the PIN code provided by the third party does not 
20 correspond to the PIN code provided by the buyer, an electronic 
error message is sent to the buyer terminal (step 52) . 
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